Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Needs Clarification
Workspace Safelinx
Created by Guest
Created on Jul 15, 2021

Create a mechanism so that a "http-service" can be chosen based on an IP-Range

We would like to create two SafeLinx "http-services" both with the same URL, for example "", and configure SafeLinx in a manner where the HCL SafeLinx Server will choose which "http-service" to use, based on the users IP-Address range.

For Example:

UserA has an internal IP Address from the range "" and navigates to "" in a web browser, the SafeLinx Server will then choose "http-service0", whereas for all other users "http-service1" will be selected and used.

This would allow to select different Authentication Mechanisms (MFA/TOTP or SAML) based on the clients location (LAN, External, VPN...).

Thank you in advance.

  • Attach files
  • Guest
    Aug 21, 2022

    I assume that you are implementing SAML and you want to differentiate between the external, which must authenticate via MFA/TOTP, and internal users, which should authenticate via WIA or a similar mechanism.

    For me, the better alternative is to use Split-Brain DNS. Use your hosted DNS service to redirect external users to HCL SafeLinx, where MFA/TOTP is used for authentication. Via your "internal" DNS service you can redirect the clients to the SP directly (HCL Domino, HCL Traveler, etc....), which in terms redirects the clients to your IdP and authenticates them via the desired protocol (WIA, username/PW, certificate based authentication, etc....).

    Some SAML IdPs can differentiate between external and internal clients, thus providing different authentication mechanisms. Depending on your use-case, this is a good option.

    As in other comment, you could also try creating two http-services, using different authentication mechanisms, and binding them to different NICs.

    If you have any further questions, post a question, with additional information, in the HCL community forums or create a Ticket:


  • Admin
    Timothy Clark
    May 12, 2022

    Have you tried binding the service to the two NICs that you would have? One internal and one external.